Senate 'Internet Kill Switch' Bill Moves Forward

A Senate committee on Thursday approved a cyber-security bill that has prompted concern about a presidential "Internet kill switch."

0shares

A Senate committee on Thursday approved a cyber-security bill that has prompted concern about a presidential "Internet kill switch."

The Homeland Security and Governmental Affairs Committee unanimously approved the Protecting Cyberspace as a National Asset Act of 2010 (S. 3480). It now moves to the Senate floor for a full vote.

The bill is an over-arching cyber-security measure, which would, among other things, create an office of cyberspace policy within the White House, which would be led by a Senate-appointed director. It would also create a new center within the Homeland Security Department, which would implement cyber-security policies.

A provision that got the most attention, however, was one that gave the president the power to "authorize emergency measures to protect the nation's most critical infrastructure if a cyber vulnerability is being exploited or is about to be exploited."

Though the language is somewhat vague, this section was interpreted by many as giving the president an "Internet kill switch" that would effectively allow him to "turn off" the Web in an emergency.

"While the bill makes it clear that it does not authorize electronic surveillance beyond that authorized in current law, we are concerned that the emergency actions that could be compelled could include shutting down or limiting Internet communications that might be carried over covered critical infrastructure systems," several privacy groups, including the American Civil Liberties Union (ACLU), wrote in a Wednesday letter to the committee.

The bill should be amended to describe exactly what actions the government can take, the groups said.

Current law already provides the president with broad authority to take over communications networks, the committee said, pointing to Section 706 of the Communications Act. That portion gives the president authority to "cause the closing of any facility or station for wire communication" and "authorize the use of control of any such facility or station" by the federal government. This can be done if a state or threat of war exists, it does not require advance notification to Congress, and can continue for up to six months after the threat expires.

This bill, the committee said, "would bring presidential authority to respond to a major cyber attack into the 21st century by providing a precise, targeted, and focused way for the president to defend our most sensitive infrastructure."

Specifically, the bill would give the president 30 days to respond to a threat, requires that he notify Congress beforehand, and demands that he use the "least disruptive means feasible" to do so. The committee denied that it lets him "take over" the Web, and said it does not provide any new surveillance authorities. Owners of private networks would be able to propose alternative responses to a given threat.

Lieberman's bill "authorizes only the identification of particular systems or assets  not whole companies, and certainly not the entire Internet," the committee said. "Only specific systems or assets whose disruption would cause a national or regional catastrophe would be subject to the bill's mandatory security requirements."

A catastrophe would include mass casualties, severe economic impact, mass prolonged evacuations, or severe degradation of national security capabilities.

The committee's fact sheet also denied that the bill gives the president the authority to conduct e-surveillance and monitor private networks or regulate the Internet.

"Catastrophic cyber attack is no longer a fantasy or a fiction," Lieberman said in a Thursday statement. "It is a clear and present danger. This legislation would fundamentally reshape the way the federal government defends America's cyberspace. It takes a comprehensive, risk-based, and collaborative approach to addressing critical vulnerabilities in our own defenses. We believe our bill would go a long way toward improving the security of our government and private critical infrastructure, and therefore the security of the American people."

Rep. Jane Harman, a California Democrat, has introduced a House version of the bill, H.R. 5548, but it has not yet passed committee.

Chloe Albanesius has been with PCMag.com since April 2007, most recently as Executive Editor for News and Features. Prior to that, she worked for a year covering financial IT on Wall Street for Incisive Media. From 2002 to 2005, Chloe covered technology policy for The National Journal's Technology Daily in Washington, DC. She has held internships at NBC's Meet the Press, washingtonpost.com, the Tate Gallery press office in London, Roll Call, and Congressional Quarterly. She graduated with a bachelor's degree in journalism from American University...
More »

Automatic Renewal Program: Your subscription will continue without interruption for as long as you wish, unless
you instruct us otherwise. Your subscription will automatically renew at the end of the term unless you authorize
cancellation. Each year, you'll receive a notice and you authorize that your credit/debit card will be charged the
annual subscription rate(s). You may cancel at any time during your subscription and receive a full refund on all
unsent issues. If your credit/debit card or other billing method can not be charged, we will bill you directly instead. Contact Customer Service